Cost to reclone a slew of machines...
Hmmm... "over $700,000" in damage on 97 systems... over $7200 per system? What?!?
Does the government put a server, an IBM M Pro engineering workstation or high end laptop on every desk? Did the hack "destroy" the machines making them unusable or unable to be recloned? Could a hack cause them to lose software licences? Does the military pay $500+ per hour for IT grunt work?
I suspect the answer to all these questions is a resounding "NO!"
Did the hack compromise the OS install? Maybe. But all he said he did was look for default passwords... so this suggests to me that the problem is that they didn't rename the Administrator account or give it a decent password.
Whose fault is that? (cue in a picture of some really embarrassed military IT staff)
So to fix this... clone a system, modify it by renaming the admin account and giving it a real password, recreate image. That should not take more than 2 hours. 2 hours * $100/hr = $200 - per PC model. They probably have a few different common models, so maybe a couple of thousand in total. Then recloning the whole lot should not take more than 1 hour per system.... or in other words, $100 per system, not $5000 per system, and definitely not the $7200+ per system that the "$700,000 in damage" works out to.
So in my view, the REAL cost of the "damage" is more like $15,000 to $20,000 worth of labour and some bruised egos.
And if they are paying more than $100 an hour just to do system recloning gruntwork, they had better not publicize it or they will make themselves look like idiots.
The only way that $700,000 of "damage" could have been done is if his hack had rendered systems unusable, causing lost productivity.
But to do this, you have to quantify what could have been "produced" if systems had not gone down (and this is where we can start making jokes about government/military "productivity")
But this is probably moot because by the sounds of it, this guy caused no such down time.